312-50V10 · Question #183
Bob learned that his username and password for a popular game has been compromised. He contacts the company and resets all the information. The company suggests he use two-factor authentication; which
The correct answer is A. A fingerprint scanner and his username and password. Two-factor authentication (2FA) requires using two distinct authentication factors from different categories: something you know, something you have, or something you are. Only one option combines factors from two separate categories.
Question
Bob learned that his username and password for a popular game has been compromised. He contacts the company and resets all the information. The company suggests he use two-factor authentication; which option below offers that?
Options
- AA fingerprint scanner and his username and password
- BHis username and a stronger password
- CA new username and password
- DDisable his username and use just a fingerprint scanner
How the community answered
(51 responses)- A88% (45)
- B6% (3)
- C4% (2)
- D2% (1)
Why each option
Two-factor authentication (2FA) requires using two distinct authentication factors from different categories: something you know, something you have, or something you are. Only one option combines factors from two separate categories.
A fingerprint scanner represents the 'something you are' factor (biometric), while a username and password represent the 'something you know' factor. Combining these two distinct factor categories satisfies the definition of two-factor authentication. This is a classic MFA implementation pairing knowledge-based and biometric credentials.
A username and a stronger password are both 'something you know' credentials - this is single-factor authentication regardless of password strength.
A new username and password still represent only one factor category ('something you know') and does not constitute 2FA.
Using only a fingerprint scanner is single-factor authentication ('something you are') - removing the password eliminates the second factor rather than adding one.
Concept tested: Multi-factor authentication factor categories
Source: https://csrc.nist.gov/publications/detail/sp/800-63b/final
Topics
Community Discussion
No community discussion yet for this question.